splunk / terraform-provider-splunk

Terraform Provider for Splunk
Mozilla Public License 2.0

Receive 403 when trying to create a scheduled search/alert #165

Open reachuttam opened 1 year ago

reachuttam commented 1 year ago

We use a Splunk restapi user that can authenticate to Splunk fine but receive a 403 when trying to create a scheduled search/alert.

Further research shows that the terraform user is hitting the rest endpoint of "GET /servicesNS/admin/launcher/saved/searches" for which it is not authorized. Only Splunk Admins can reach "GET /servicesNS/admin/launcher/saved/searches".

How can we switch the rest endpoint for terraform user to use "GET /servicesNS/user/launcher/saved/searches" instead of "GET /servicesNS/admin/launcher/saved/searches"?

Thank you

cbaxtersf commented 1 year ago

@reachuttam try setting the acl object on the resource. Example would be:

    acl {
      owner = "user"
      app   = "launcher"
    }

The above acl object would generate an address like: /servicesNS/user/launcher/saved/searches
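For context, here is the acl suggestion placed inside a complete scheduled search, so the namespace the provider calls is explicit. This is an added example, not code from the thread or the project. The resource label, search string, schedule and variable names are hypothetical, and the attribute names are assumed to match the provider's `splunk_saved_searches` documentation.

```hcl
# Added example. Variable names and the resource label are hypothetical.
variable "splunk_url" {
  type = string
}

variable "splunk_username" {
  type = string
}

variable "splunk_password" {
  type      = string
  sensitive = true
}

# Authenticate as the non-admin REST API user rather than a Splunk admin.
provider "splunk" {
  url      = var.splunk_url
  username = var.splunk_username
  password = var.splunk_password
}

resource "splunk_saved_searches" "failed_logins" {
  name          = "Failed logins (terraform)"
  search        = "index=main action=failure | stats count by user"
  is_scheduled  = true
  cron_schedule = "*/15 * * * *"

  # owner and app select the /servicesNS/<owner>/<app>/saved/searches
  # namespace. Here that is /servicesNS/user/launcher/saved/searches
  # instead of the admin namespace from the original report.
  acl {
    owner   = "user"
    app     = "launcher"
    sharing = "user" # private to the owner; assumed value for this example
  }
}
```

The account in `owner` still needs a role that is allowed to schedule searches in the `launcher` app, which is a Splunk-side permission and not something the acl block grants.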